I have a rather odd situation, but it's simple, I swear. I have a server (we'll call it host A) that's connected up to the internet and I use for some websites and other odds and ends. I have another server (we'll call it B) that's hosting files and some other things, but it's behind a firewall and NAT.

What I'd like to do is set it up so that a specific port on host A will accept TCP traffic on a certain port and forward it through a VPN or other point-to-point tunnel to host B. Host B will then be able to respond. Basically, host A will act as a reverse proxy/load balancer, but since host B is in a different location on a different network (behind a firewall) I would like A and B to connect through a tunnel rather than directly.

I know that this is inefficient, but I'm confident that it's the best solution available to the rather odd network situation of host B.

I think that the solution will be some mixture of fproxy and an ipsec tunnel, but I'm having trouble figuring out how to set up ipsec properly (I've never used it before). I've looked at OpenSwan and StrongSwan, but the trouble is that both are intended to bridge two LANs, it seems, and on top of that the documentation on NAT traversal in ipsec seems to be beyond my comprehension. In my situation I want the tunnel to present only to the two machines involved, probably as its own interface on each machine. This way I could just set up fproxy (or another reverse proxy) to proxy to a virtual IP address that would automagically transport traffic to the other machine, where it would appear to software on that machine as another virtual address.

The key question I ask here, though, is because I don't know if that's the best way to do it. I'm open to any suggestions or advice on how to configure ipsec to enable communications just between the two machines.

You can do an SSH tunnel as @David suggests, though keeping the tunnel up persistently is going to require some type of process on the machine terminating the tunnel to periodically check the tunnel state and re-establish it (if necessary).

I'd probably install OpenVPN on both machines with the "host A" machine configured as a server and the "host B" machine configured as a client. OpenVPN will re-establish the tunnel automatically if it fails (which is why I'd be partial to it over SSH). Once that's up and running I'd probably use iptables rules on the "host A" machine to NAT / forward traffic to the "host B" machine across the OpenVPN tunnel.
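One way to lay out the iptables half of that answer, as an added example that is not from the original post: it assumes OpenVPN has already brought up `tun0` with host A at 10.8.0.1 and host B at 10.8.0.2, that A's public interface is `eth0`, and that public port 8080 on A should reach port 80 on B (all constructed values; change the variables to suit). The SNAT rule matters because B sits behind its own NAT: without it, B's replies would leave via B's default gateway instead of coming back through the tunnel.

```shell
#!/bin/sh
# Added example (not from the original answer): the iptables side of forwarding
# a public TCP port on host A across an OpenVPN tun interface to host B.
# Assumed, constructed values:
#   eth0     host A's internet-facing interface
#   tun0     OpenVPN interface on host A; A is 10.8.0.1, B is 10.8.0.2
#   8080     public port on host A that should reach port 80 on host B
PUBLIC_IF="${PUBLIC_IF:-eth0}"
PUBLIC_PORT="${PUBLIC_PORT:-8080}"
TUN_IF="${TUN_IF:-tun0}"
TUN_LOCAL_IP="${TUN_LOCAL_IP:-10.8.0.1}"
HOST_B_IP="${HOST_B_IP:-10.8.0.2}"
HOST_B_PORT="${HOST_B_PORT:-80}"

# Emit the rule set as one command per line (nothing is applied here).
forward_rules() {
    # The kernel must route between interfaces for FORWARD rules to matter.
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Rewrite the destination so traffic hitting the public port goes to B over the tunnel.
    echo "iptables -t nat -A PREROUTING -i $PUBLIC_IF -p tcp --dport $PUBLIC_PORT -j DNAT --to-destination $HOST_B_IP:$HOST_B_PORT"
    # Rewrite the source to A's tunnel address so B answers back through the
    # tunnel rather than through its own default gateway (B is behind NAT).
    echo "iptables -t nat -A POSTROUTING -o $TUN_IF -p tcp -d $HOST_B_IP --dport $HOST_B_PORT -j SNAT --to-source $TUN_LOCAL_IP"
    # Only the one forwarded service may cross the tunnel; return traffic must
    # belong to an existing connection; everything else is dropped.
    echo "iptables -A FORWARD -i $PUBLIC_IF -o $TUN_IF -p tcp -d $HOST_B_IP --dport $HOST_B_PORT -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"
    echo "iptables -A FORWARD -i $TUN_IF -o $PUBLIC_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -j DROP"
}

# Apply the rules, or just print them when DRY_RUN=1 so they can be reviewed first.
apply_rules() {
    forward_rules | while IFS= read -r cmd; do
        if [ "${DRY_RUN:-0}" = "1" ]; then
            echo "$cmd"
        else
            sh -c "$cmd"
        fi
    done
}
```

Source the file on host A as root and run `DRY_RUN=1 apply_rules` to review the rule lines, then `apply_rules` to install them; the FORWARD rules assume no earlier ACCEPT-all rule is already present in that chain.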